Cybersecurity Awareness Month 2019

What is National Cybersecurity Awareness Month?

National Cybersecurity Awareness Month (NCSAM) was created under leadership from the U.S. Department of Homeland Security and the National Cybersecurity Alliance (NCSA), and has been held since 2003. The national theme for October is ‘Own IT. Secure IT. Protect IT.’, and its goal is “to encourage personal accountability and proactive behavior in digital privacy, security best practices, common cyber threats and cybersecurity careers”.

Inspired eLearning is a proud supporter of NCSAM, and we are excited to help continue to create more awareness around the current cybersecurity threat landscape. In celebration of NCSAM, throughout the month of October, Inspired eLearning will be providing free posters, screensavers, downloadable microlearning videos, and more, all focused on defeating social engineering.

We also urge organizations that have not established a security awareness training program to take this month to learn more about the importance of educating and protecting their workforce. Deploying monthly security awareness training and phishing simulations with Inspired eLearning has been statistically proven to decrease breaches, saving companies of all sizes money, time, and reputations.

Week 1: Email Phishing

Phishing is a technique used by cybercriminals to acquire your personal information (such as credit card numbers or login credentials) by sending an email that is designed to look just like it came from a legitimate source, but is intended to trick you into clicking on a malicious link or downloading an attachment potentially laced with malware.

Phishers typically create fake emails that appear to come from someone you trust such as a bank, credit card company, or a popular website. The email may ask you to “confirm your account details” and direct you to a website that looks like the real website, but whose sole purpose is stealing information.

Vishing

Vishing, or voice phishing, is the fraudulent practice of extracting sensitive information over the phone. Vishing scams can be done through direct phone calls or voicemails. Because the hacker is using VoIP, a technology that allows you to make calls using the Internet instead of a regular phone line, caller IDs can be spoofed, making the call seem even more legitimate.

SMiShing

SMiShing occurs when a cybercriminal sends a text or SMS message to another individual requesting their personal information. The approach is similar to attempts that occur via email, but those who receive the text are more likely to trust this form of communication than an email.

USB Baiting

External storage devices can be used by cybercriminals in a social engineering attack called USB baiting. Compromised USB drives can be used to inject malicious code, redirect you to phishing websites, or give a hacker access to your computer.

Week 3: Physical Social Engineering

With increasingly sophisticated technical defenses for networks and computer systems, some social engineers have gone back to the classic person-to-person approach. Their basic social engineering strategy is to prey on vulnerabilities in human nature, such as trust, fear, politeness, and helpfulness, rather than technical vulnerabilities in computer programs. Social engineers have done their research and are experts in manipulation.

By impersonating or playing the role of someone you’re likely to trust or obey, social engineers aim to trick you into allowing access to your office, to information, or to your information systems. This type of social engineering plays on our natural tendencies to believe that people are who they say they are, and to follow instructions when asked by an authority figure.

Tailgating

Tailgating is a tactic used by social engineers to gain access to a restricted area by walking behind an individual who has legitimate access. When tailgating, social engineers will disguise themselves as delivery drivers, maintenance professionals, or innocent visitors to gain your trust and ultimately physical access to your organization.

Week 4: Prevention, Protection and Training Best Practices

Defend Against Social Engineers

When it comes to cybersecurity, Inspired eLearning emphasizes proactive behavior and personal accountability for everyone. In addition to monthly security awareness training, phishing simulations, and reinforcement education, your best protection against cyber-attacks is to T.H.I.N.K.:

T – Think before you click on links & attachments.

H – Hover over links to see their destination.

I – Install only approved software.

N – Never ignore warning signs.

K – Keep operating systems up-to-date.

Secure Your Social Media

Currently there are about 3 billion social media users worldwide, which means Facebook and other popular sites, including Twitter and Instagram, will continue to be prime targets for hackers. Despite the scary threat landscape, there are things you can do to secure your social media:

Check your privacy settings frequently.

Make sure to update the programs or apps you are using to access social media.

Don’t post any personal information that could be used to access accounts.